Posted
by
timothy
on Sunday December 22, 2013 @11:25AM
from the watch-your-friends'-enemies dept.

Jacob Appelbaum isn't shy about his role as a pro-privacy (and anti-secrecy) activist and hacker. A long-time contributor to the Tor project, and security researcher more generally, Appelbaum stood in for the strategically absent Julian Assange at HOPE in 2010, and more recently delivered Edward Snowden's acceptance speech when Snowden was awarded the Government Accountability Project's Whistleblower Prize. Now, he reports, his Berlin apartment appears to have been burglarized, and his computers tampered with. As reported by Deutsche Welle, "Appelbaum told [newspaper the Berliner Zeitung] that somebody had broken into his apartment and used his computer in his absence. 'When I flew away for an appointment, I installed four alarm systems in my apartment,' Appelbaum told the paper after discussing other situations which he said made him feel uneasy. 'When I returned, three of them had been turned off. The fourth, however, had registered that somebody was in my flat - although I'm the only one with a key. And some of my effects, whose positions I carefully note, were indeed askew. My computers had been turned on and off.'" It's not the first time by any means that Appelbaum's technical and political pursuits have drawn attention of the unpleasant variety.

It is always an interesting question though as to which "they" it is. Appelbaum has access to documents that Snowden leaked. Is it the Russian government trying to get their hands on the full cache of documents that Snowden leaked, assuming they don't have it already? Germany is crawling with Russian spies. Is it the German government looking for more information on US and British activity? Chancellor Merkel brought a former intelligence officer into her government recently. Is it the US government? Is it the Iranian government looking for ways to avoid detection of its agents? Is it another nation, impatient to see if there are any revelations about intelligence involving it but not wanting to wait for newspaper publication that may never come? Is it another advocacy group looking for information to share in the limelight? Is it another hacker group looking for clues as to how to avoid government surveillance of their activities, or for information they can crib into attacks? It is criminal gangs looking for information that can be exploited in many ways - making a profit and avoiding police surveillance? Is it a former lover looking for revenge? All that can be said is that he claims that something happened, but what it means is very much an open question. Various people will claim to know that it was this, or that, but Appelbaum doesn't know exactly what, how could anyone else but the perpetrators.... if they exist?

Is it the Russian government trying to get their hands on the full cache of documents that Snowden leaked, assuming they don't have it already?

My opinion too: it's very likely that these documents doesn't contain much that the FSB (which has been at this spying game even before it was renamed from TcheKa to KGB) isn't already aware of through their own information channel.The reason we can trust when snowden tells that he hasn't handed anything over to Russia (nor China), is that very probably they won't gain much that they don't know already. It's simply not worth going through the hassle and public disapproval of using this controversial source

Just a few days ago NSA admitted that they have NO IDEA HOW EXTENSIVE IS THE SNOWDEN'S SECRET FILE COLLECTION ) and the one who has the BIGGEST PANIC ATTACK is NSA, not Russia, not China, and of course, not the Germans.

My post had nothing to do with panic, but rather the lack of evidence about who actually entered Applebaum's apartment.

The fact that the Berlin apartment of one Jacob Appelbaum was invaded, with 3 of his 4 alarms cut off, and his computers tempered with, signifies the SHEER PANIC ATTACKS NSA is suffering right now !

Interesting. What is the source of your claimed knowledge that it was NSA, and not some other country or intelligence service? Are you making it up, or is there a clue in this line in your post:

And btw, Cold Fjord, you are NOT the only one who has worked in clandestine projects.

That seems to be quite an admission on your part. Who are you working for? Is that why you are trying so hard to discredit the NSA and the US?

Had the Ruskies so hard up for the files, Edward Snowden is IN THEIR HAND RIGHT NOW and KGB sure knows a lot of ways to GET RESULT OUT OF PEOPLE WHO REFUSE TO TELL THEM ANYTHING.

10 years ago my first thought probably would have been along the lines of "probably just some random burglars, he's probably just paranoid". Now? No one seems to question that it was government agents who likely broke in.

I think that's one of the strongest indictments of the NSA spying scandal I've seen yet, previously people assumed government spooks only went after other government spooks, serious criminals or terrorists, or in the very rare case, high level political subversive elements. The idea that a

Burglary and theft aren't the same. (I used to think they were; as a 3 or 4-year-old, I thought burglars had a fun-looking job, but I guess my moral sense was still developing...but I also thought that burglars and bank-robbers were pretty much the same thing. I was a burglar for Hallowe'en when I was 4, not realizing that the black-and-white stripes are really only for burglars who aren't at present pursuing that line of work.)

Wikipedia puts it this way: "Burglary (also called breaking and entering[1] and

Criminals skillfully disabling alarm system after alarm system, entering and leaving with next to no trace are the stuff of jewel heist movies. For decades, the advice of experts has been to make things difficult (not impossible) for thieves to steal your stuff. That's because thieves are usually a) lazy b) stupid c)) feeding a habit or d) some combination thereof. As a rule, they are looking for the quick score. The will not spend hours disabling alarms in order to steal your TV/computer/jewellery/etc when there are numerous other apartments in the same building or homes in the same neighbourhood that don't have that protection.

Even if we stipulate, for the sake of argument, that some criminal did break into his home in this manner, that leaves us the obvious question of why the fuck wasn't anything taken? Thieves takes things, that's pretty much the definition! Whoever broke in could have taken all of his valuables, but didn't. Ergo, he, she or they weren't interested in valuables.

Then there is the fact that it would appear that some care was taken to leave minimal traces of the illicit visit. Again, this is not the behaviour of your typical burglar. B&E guys know that most of the time cops won't bother with the whole forensic fingerprints, DNA analysis etcetera. As long as they don't leave clear prints in obvious places, the cops will usually just file a report and move on. It is just not cost effective to spend tens of thousands of department funds to pursue your typical B&E.

The only logical conclusions we can make here is that:

a) The perpetrator(s) were far more skilled and patient than your average burglar

b) They weren't after fence-able valuables

c) They were interested in something they thought he had that none of his neighbours had.

d) Based on the access to his computers, what they were interested in was electronic data of some sort.

e) Given his long standing political views, he may have been investigated by the German intelligence community on general principles, but given his well known connection to Edward Snowden, it is highly probable that he was being investigated by someone with a strong interest in that situation.

f) Virtually all of the groups with access to people with those skills and with a strong interest in the Snowden case are state actors, mostly in the covert community.

I'll concede that there is a small chance that some private sector group might be involved with this. There may be a group on the scale of Anonymous that also acts on the real world/physical level and is (therefore) more paranoid about associating themselves with any actions. One could hypothesize that such a group was looking for data so that they could reach out and help Snowden with his agenda without leaving any clues for other agencies to follow as to how they found him, but I think that is a very low probability. (it would make for a great plot for some cyberpunk novel though wouldn't it?)

Very true. Instill an element of fear in someone who you know will talk about it, creating an element of fear over the wider community. PsyOps. Which we know governments practice.

The Russians know no more than the rest of us - Snowden has made it clear he gave all documents to others, and this is extremely believable. It makes it pointless to limit damage - or even establishing what damage there is to be limited - by capturing or killing him.

He has made it clear he has given encrypted copies to others, and he releases encryption keys selectively as the need arises.Which suggests he as a very good memory, or access to something to retrieve the next key or the key specific to the topic he chooses.

The Guardian journalists have access to all the documents he's released to them. He doesn't regurarly send them keys for decryption. The only thing only he holds a key for is his mysterious "insurance" file.

The Russians know no more than the rest of us - Snowden has made it clear he gave all documents to others, and this is extremely believable.

These two are separated.The fact that Snowden has already given away the documents and doesn't have them any more, DOES NOT prevent the Russians from already knowing the information contained in the Snowden documents (not because they read the actual Snowden documents, but simply because they already have competent intelligence service with a very long experience dating back from the cold war and even before and vastly more ressource: Russians have probably already gathered similar amount of informations th

You can't overlook the possibility that they were leaving a message, whoever it was.

"Never attribute to malice that which is adequately explained by stupidity." -- While disagree with the foolish absolutist term "never" Hanlon used in this quote, it's more probable sloppiness otherwise why bother disabling the other 3 alarms or turning off the computers? I mean, stealing the computers and ransacking the place to appear as a burglary would have been so much easier.

The best defense is a good offense. This explains my odor, and why I insist mother brings my food down to the basement, so as

almost surely *not* gummint employees, which is -to a large extent- the problem...no, these are prob *EX* gummint spooks who are now private contractors doing the dirty work of unka sam...

can you say : plausible deniability, sure, i knew you could...

So you thing the NSA doesn't have it best teams on this issue, and instead are going with a Michael Westin solution?That's crazy.Why would they need plausible deniability? Who's going to arrest them? Certainly not the BfV or BND.

Indeed. And even the 3 that were "turned off" are a dead giveaway already. But turning the computers on is just plain gross incompetence. On the other hand, the NSA had all its crown-jewels stolen by a contractor, so the level of incompetence and stupidity in the "intelligence" community seems to be just what you would expect from government employees.

Turn the computer off/reboot into a forensic linux cd/dvd, examine the hard drive, do what you want, switch some system files for files more under your control, then hope he doesn't notice you've done these things.... then follow his computer activity/trail, his tor activities....

No "security researcher and hacker" would have his computer set up to boot from the CDrom, or have his bios un-password protected, or his hard drive unencrypted. If they were "Really Good" at computer forensics they might have simply removed the drives cabled them up and cloned them, encrypted partitions and all. (It would be impossible to add their own versions of software to an encrypted drive. Of course this assumes he's not running Windows).

If done right, and everything put back in place, the only thing he would have to determine that the "computers" were turned on would be the power on count in the drive's SMART data.

Of course, he could have gone old-school, and placed a tuft of cotton fuzz in the fan vent. Someone who uses 4 alarms might just be that careful.

A fairly simple attack against encrypted systems is to infect the small unencrypted bootloader and kernel (which are almost always stored on the same drive in an unencrypted partition) and put a backdoor into that. You could even clone the drive, then put in a backdoor which would save the encryption key (when he booted next time) and send it to you over cover channels.

The first couple stages of the bootloader really have very little space to work with. I would think that the very first stage would just initialize the hardware and jump to the second, which for secure versions just decrypts the third-stage, maybe does some sort of verification, and jumps there. (At least that's how I would do it. And that's how they did it for the original X-Box.*) If it's supposed to be a secure system, why the hell would they leave the kernel lying around unencrypted?

My desktop computer moves when I make hardware changes. The dust is medium and consistent. Someone moving the computer to clone a drive or plug something in the back will make it so I can tell, unless they can also clean it and age the dust 8 months. You don't have to be OCD to notice changes. It just helps.

My desktop computer moves when I make hardware changes. The dust is medium and consistent. Someone moving the computer to clone a drive or plug something in the back will make it so I can tell, unless they can also clean it and age the dust 8 months. You don't have to be OCD to notice changes. It just helps.

So someone managed to turn off three alarm systems, but didn't think to make sure that the contents of the apartment were all left in the same position that they found them?

They might have had no alternative but to turn off the three alarms. After all a loud ringing alarm will soon bring investigators of one sort or another.

Who knows just how persnickety his staged positioning of items in the room might have been. That magazine might overlap that envelope on the table "just so", and he could have had photos on his smartphone that he could match better than even a professional team could restore.

So someone managed to turn off three alarm systems, but didn't think to make sure that the contents of the apartment were all left in the same position that they found them?

If you came home after a trip and all your alarms had been turned off that's generally a better indication that you were broken into than having some items in a different position. Question is did they leave the alarms off as a practical manner (too hard to turn back on) or as a "we were here" message that some have suggested.

As we improve our ability to keep private things private the government's orginizations will find it easier to snoop by gaining physical access first. There's no doubt we're on the slippery slope. I have to wonder, which orginization broke into his apartment? Or maybe it was a combined effort and they are sharing in the information gained, if any.

Seriously, if you don't want the American secret police to dig around through your shit, kidnap, torture, and possibly kill you (while making your body disappear), don't piss off anyone in the American government.

Nobody knows what would piss off the wrong people to that extent. The CIA apparently had "rogue" missions being launched by "enthused" controllers. We don't know if that's true, but since I am defining the scope of ignorance, anything we can rationally say we are ignorant of is in scope. In this case, we can rationally say that the best information we have makes it possible that upsetting relatively low-level employees of any security agency may be sufficient to warrant (in their eyes) a visit.

Let's just not get carried away and think that Russians, Germans, the Brits, Canadians, you name it, don't engage in similar activities. Maybe it's just that in those countries nobody has the balls to leak the info.

It's surprising that there are still some people in the USA who are surprised that your spooks are generally perceived, all over the world, to be criminals.

It is surprising that some people are unable to conceive of the idea that many nations would like to get their hands on the information that Snowden took, and which Appelbaum has access to. For all you know it could be Russians, Chinese, Iranians, Germans, French, Israelis, Swedes, or just about any other country's agents. That is before you consider criminal gangs or hacker groups. Your imagination is far too limited to consider the range of possibilities.

1. These documents are known to exist, and are highly pollitically controversial. Although Germany representative would be free to bitch and moan about things published in the news papers about NSA spying them (after all these specific information where published for anyone to see, and are the consequence of news papers, not germany's own services), things will be very different if word got out the Russian or

Come on, he installed four alarm system and didn't bother with a single surveillance camera? I am not saying that there wasn't somebody in his apartment, but it's hard not to think this might have just been a case of a malfunctioning alarm system and a whole bunch of paranoia on top. If the government is after you, at least make sure you get some pretty pictures of them, cams are cheap these days.

My thoughts exactly. All this security system but no cameras? If you are that worried about people breaking into your house, and think it has happened before, wouldnt you want to know WHO broke into your house?

Also, it seems very unlikely that he's the only one with a key to his flat. If it's a flat, that means it's in a shared building. If he's renting the landlord has a key, for emergency and notified inspection purposes. If he's got a condo, the superintendent has a key for emergency purposes. Unless he owns the building and has a pick-proof lock, his claims on physical security seem to be overstated. OK, I guess he could have an extraordinary contract, but a power outage seems more likely given the infor

If he's got a condo, the superintendent has a key for emergency purposes.

I don't know if you mean something different by "condo"; but I've lived in a couple and live in one now, and there is no 'superindentent'. There is a strata corporation with a president and council who are elected from the owners, a 3rd party management company who provides some legal services, and a variety of contracts with trades... but nobody has a key to all the units. Hell, most owners re-key them as a matter of course when they

However, there is nothing (other than his rental agreement) that would prevent him from having his locks changed out, even if he did it himself. Its trivial, and your building super might not notice for years, if you are always there to let him in.

Him having the only key means nothing if he bought a common lock, many of which are still being made to this day that are susceptible to bump keys.

Come on, he installed four alarm system and didn't bother with a single surveillance camera? I am not saying that there wasn't somebody in his apartment, but it's hard not to think this might have just been a case of a malfunctioning alarm system and a whole bunch of paranoia on top. If the government is after you, at least make sure you get some pretty pictures of them, cams are cheap these days.

That triggered alarm bells in my head as well. Maybe those "alarms" that were disabled were really cameras sending pictures to someplace, these are cheap and getting cheaper these days. If he was using something from a commercial service (like Dropcam) those accounts would have been disabled before the break in crew arrived at his door step. If they were watching his internet stream they would have known about such things.

The problem with cameras is that they are also on while you're at home alone. Once the government catches you on video making a sandwich or writing an email they can use it against you. Better to claim you just sit and watch a blank TV all day.

Oh come on. People who have cameras know they have cameras, and turn them off when they don't want them on. Especially (justifiably) paranoid people.If you don't get notified that your camera took a picture and maybe have it emailed to you, you're doing it wrong.

And then go over the EFI boot partition, and find some way to compare the firmware with the file from the manufacturer's site. If they have been compromised, don't pass up the chance to document exactly how it was done.

Some do. The whole "Linux vs. Windows 8 and Secure UEFI" debacle is about the fact that, because Windows 8 mandates Secure UEFI, althrough *PC* vendor are required to let their customer around Secure UEFI (allowinf customer to disable it and allowing customer to put other signing keys there), the same requirement don't apply for ARM hardware.You can install linux on a Secure UEFI Windows 8 x86 desktop.You are not guaranteed to be able to install Linux on a ARM tablet with Secure UEFI and Windows 8 RT.

This computer holds the latest and greatest they have in espionage software and possibly hardware. I'd say get it thoroughly examined so we know what to look for on other machines.Make good forensic copies of anything that is able to hold data in the device and only work on copies of copies so you'll always be able to start from scratch if you mess up or want to prove your findings.

Competent spies can do it without you noticing. Perhaps "they" are getting sloppy? Maybe "they" subcontracted it out to a 3rd party private security agency? Maybe it was deliberately sloppy and intended to send a message to Appelbaum?
Or maybe it was aliens? We can speculate about this all week if we want to;)

Sure, there are probably some surveillance things tossed in mainly "to be found", but the fact is that a break-in like this - where 3/4 of the systems weren't even turned back on is either a) laughably amateur, or b)(more likely) a deliberate message TELLING him he's under surveillance.

If he's practicing even moderately good security measures, he's likely beyond all but governments' ability to crack. And if they're after him, there are few things that he could do to PREVENT such surveillance.

The 'spy' would most likely turn out to be an unidentifiable homeless 'kid' having a bit of b&e 'fun' and then gets killed by your booby trap. Since booby traps are illegal in most jurisdictions, you'll be going down with your own evidence helping to convict you,

Child porn either hidden on his computer or on cds hidden in the depths of the apartment somewhere. On his computer a timer to reveal it in a few days time; the disks are 'stumbled across' at some point in the future. He needs to check the apartment and totally shred the computer disks...
Any bets anyone?

Your web browser will download anything from anywhere the pages you visit tell them to. Even if you browse only encrypted sites the site itself can be trivially exploited via XSS, SQL injection, or the zero-day exploits purchasable on the black market. Now, some of the pages you've been browsing can contain hidden <iframe> tags or if JS is enabled XMLHTTP Requests to download child porn. You'll never see the images, but there it is: an ISP record that your computer regularly made requests to child porn sites and downloaded kiddie porn. The spy agencies can simply put CP on your systems remotely, and give them "probable cause" to search. A physical copy would be quite a nice touch.

This isn't a hypothetical warning. I clean up servers linking to CP about 3 times a year. The government doesn't even have to do anything but make possession of certain strings of 1's and 0's illegal. Then the angsty teen skiddies with a copy of Metasploit inject the illegal pictures to ordinary sites in protest that sexting pics of themselves is illegal. Now, your Internet history clears after a period of time, so if it's not in there right now, it could have been and probably still resides on your drive's free sectors. You should be using whole drive encryption for this reason alone -- Although that doesn't rid the ISP record of your apparent obsession with disgusting perverse illegal imagery.

A police state has two prime tools:0. Ensure it's impossible to obey every law.1. Selective enforcement of the law.

He doesn't need help with a messed up head...who wants to bet this is some stunt? What proof we have besides the word of a wacko?

Seriously, people, why is this modded down into oblivion?Is it not at least plausible, and worth discussing?

No proof, no details, no explanations on how he "knows" these things? No Pictures? Four alarms, carefully positioned objects, and not one camera?Sure he might not want to give away his trade-craft, but then why give away his knowledge that it happened?

We all want to blame the three letter agencies these days, but we should at least entertain the thought that this might be cheap self aggrandizement.